About GELI root
alphachi
alphachi at mediaspirit.org
Sat Oct 11 19:08:09 UTC 2014
Environment: FreeBSD 10.0R amd64
The root partition is /dev/ada0p1 with gpart label /dev/gpt/rootfs. /dev/gpt/rootfs.eli is created from /dev/gpt/rootfs, not /dev/ada0p1.
# cat /boot/loader.conf
vfs.root.mountfrom="ufs:/dev/gpt/rootfs.eli"
aesni_load="YES"
geom_eli_load="YES"
geli_gpt_rootfs_keyfile0_load="YES"
geli_gpt_rootfs_keyfile0_type="gpt/rootfs:geli_keyfile0"
geli_gpt_rootfs_keyfile0_name="/boot/rootfskey"
Question 1.
Boot is OK, but many messages like the ones below can be found in dmesg:
...
GEOM_ELI: Found no key files in loader.conf for ad4p1
...
GEOM_ELI: Found no key files in loader.conf for gptid/*
...
After adding "kern.cam.ada.legacy_aliases=0" to /boot/loader.conf, the remaining messages are:
GEOM_ELI: Found no key files in loader.conf for ada0p1
GEOM_ELI: Found no key files in loader.conf for gptid/*
How can I disable these two messages, other than by changing gpt_rootfs and gpt/rootfs to ada0p1 in /boot/loader.conf?
Question 2.
I want to use two different authentication methods for the root partition. The first (geli setkey -n 0) is a key without a passphrase. The partition can be automounted with it. The second (geli setkey -n 1) is a passphrase without a key. The partition can be mounted manually with it on other computers.
Before I add the second, the partition can be automounted. After adding it, I have to input the passphrase at boot. It looks like the system mixes the two authentication methods instead of treating them independently. Perhaps because of "geli init -b"?
How can I set it up so that if the key is found, autobooting works, and if the key isn't found, booting continues after the passphrase is entered?
Thanks!